在价值 2.85 亿美元的 Drift 黑客事件之后,新的 Solana 恐慌表明加密货币的下一个安全风险可能已经存在
Burns Brief
Drift 漏洞和 Stabble 的预防性警告指出了一个棘手的加密安全问题:下一个重大漏洞可能早在资金转移到链上之前就开始了。这一消息令市场参与者感到不安,空头希望压低价格,而多头则试图捍卫关键支撑位。观察 $SOL 的反应 - 高于或低于关键水平的决定性走势将确认下一个趋势。
The Drift exploit and Stabble’s precautionary warning point to a difficult crypto security problem: the next major breach may begin long before funds move on-chain. That is what makes these incidents more than isolated alarms. They suggest that some protocols may still be looking for smart contract flaws, while the real exposure lies in hiring, access, governance, and trusted relationships. On Apr. 1, Drift suspended deposits and withdrawals and told users it was under an active attack. By Apr. 5, the team said with medium-high confidence that the same threat actors behind the October 2024 Radiant Capital hack had executed the operation. TRM Labs estimated the drain at approximately $285 million, and the Drift post-mortem described a complex scheme in which individuals used $1 million of their own capital and met in person with Drift team members to infiltrate the protocol's structure. On the technical side, TRM identified the critical weakness as social engineering of multisig signers combined with a zero-timelock Security Council migration. This governance design enabled attackers to execute privileged actions without the delays intended to catch unauthorized changes. Why this matters This shifts the risk from code alone to the people and permissions around it. For users and markets, that means a protocol can appear operational until a hidden access failure triggers a live funds event, forced withdrawals, or a sudden loss of trust. Elliptic said the laundering patterns and network indicators matched those of prior DPRK-attributed operations and pointed to a probable compromise of administrator keys that enabled privileged withdrawals and administrative control. Related Reading Hackers sneak crypto wallet-stealing code into a popular AI tool that runs every time Compromised LiteLLM versions 1.82.7 and 1.82.8 stole SSH keys, cloud creds, Kubernetes secrets, env vars, and crypto wallet material. Mar 26, 2026 · Gino Matos Attackers earned enough trust to convert ordin
Key Takeaways
- The Drift exploit and Stabble’s precautionary warning point to a difficult crypto security problem: the next major breach may begin long before funds move on-chain
- That is what makes these incidents more than isolated alarms
- They suggest that some protocols may still be looking for smart contract flaws, while the real exposure lies in hiring, access, governance, and trusted relationships
- 1, Drift suspended deposits and withdrawals and told users it was under an active attack
- 5, the team said with medium-high confidence that the same threat actors behind the October 2024 Radiant Capital hack had executed the operation